From 25e7ca491724a5bb3c085904945eccb385993a2f Mon Sep 17 00:00:00 2001 From: Paul Lecuq Date: Wed, 27 Jul 2022 23:49:44 +0200 Subject: [PATCH] updated nginx state --- states/nginx/templates/types/dokuwiki.j2 | 4 ++ states/nginx/templates/types/fdp.j2 | 67 +++++++++++++++++++++++ states/nginx/templates/types/nextcloud.j2 | 3 + states/nginx/templates/types/rainloop.j2 | 4 ++ states/nginx/templates/types/rd.j2 | 1 + states/nginx/templates/types/simple.j2 | 8 ++- states/nginx/templates/types/zabbix.j2 | 4 ++ 7 files changed, 88 insertions(+), 3 deletions(-) create mode 100644 states/nginx/templates/types/fdp.j2 diff --git a/states/nginx/templates/types/dokuwiki.j2 b/states/nginx/templates/types/dokuwiki.j2 index d194af9..327b958 100644 --- a/states/nginx/templates/types/dokuwiki.j2 +++ b/states/nginx/templates/types/dokuwiki.j2 @@ -13,6 +13,10 @@ server { index index.php index.html; + {%- for key,value in headers.items() %} + add_header {{ key }} "{{ value }}"; + {%- endfor %} + location ~ /(conf|bin|inc)/ { deny all; } diff --git a/states/nginx/templates/types/fdp.j2 b/states/nginx/templates/types/fdp.j2 new file mode 100644 index 0000000..ff3194c --- /dev/null +++ b/states/nginx/templates/types/fdp.j2 
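Review bot: The `add_header` line rendered by this loop has no `always` flag, so nginx attaches these headers only to its fixed set of success and redirect status codes; the 403 produced by the `deny all` location just below would go out without them. If `headers` is meant to carry security headers, render `add_header {{ key }} "{{ value }}" always;`, as nextcloud.j2 already does for its HSTS line. The same loop is added in fdp.j2, nextcloud.j2, rainloop.j2, simple.j2 and zabbix.j2. Separately, a server-level `add_header` is not inherited by a location that declares its own `add_header`, which is worth checking in the parts of these templates outside the hunks.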
@@ -0,0 +1,67 @@
+## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
+
+server {
+ include http;
+ server_name {{ vhost_name }};
+ return 301 https://$server_name$request_uri;
+}
+
+server {
+ include https;
+ {%- if internal_access %}
+ include access;
+ {%- endif %}
+ server_name {{ vhost_name }};
+ {%- if not proxy %}
+ root "{{ root_dir }}";
+ {%- endif %}
+
+ {%- for key,value in headers.items() %}
+ add_header {{ key }} "{{ value }}";
+ {%- endfor %}
+
+ location / {
+ {%- if proxy %}
+ proxy_pass {{ proxy_pass }};
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header Host $host;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header AppVhost $host;
+ {%- if not cache %}
+ proxy_no_cache 1;
+ proxy_cache_bypass 1;
+ {%- endif %}
+ {%- endif %}
+ {%- if autoindex %}
+ autoindex on;
+ autoindex_localtime on;
+ {%- else %}
+ index index.html index.rss;
+ {% endif %}
+ {%- if auth %}
+ auth_basic "Restricted area";
+ auth_basic_user_file {{ config_dir }}/auth/htpasswd;
+ {%- endif %}
+ }
+
+ {%- for dir in dirs %}
+ location {{ dir.name }} {
+ alias {{ dir.alias }};
+ }
+ {%- endfor %}
+ location /socket.io {
+ proxy_pass {{ proxy_pass }};
+
+ proxy_http_version 1.1;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header Host $host;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header AppVhost $host;
+ }
+
+ location /robots.txt {
+ return 200 "User-agent: *\r\nDisallow: /";
+ }
+}
diff --git a/states/nginx/templates/types/nextcloud.j2 b/states/nginx/templates/types/nextcloud.j2
index 58689f9..e51631b 100644
--- a/states/nginx/templates/types/nextcloud.j2
+++ b/states/nginx/templates/types/nextcloud.j2
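Review bot: `auth_basic` is set only inside `location /`, and nginx does not carry a directive from one location into a sibling, so with `auth` enabled the `/socket.io` proxy and every `dirs` alias location are still served without credentials. Moving the `{%- if auth %}` block up to server level, next to `include access;`, would cover every location (add `auth_basic off;` in `/robots.txt` if that one should stay public). `location /socket.io` also renders `proxy_pass {{ proxy_pass }};` even when `proxy` is false, which looks unintended and probably wants the same `{%- if proxy %}` guard used in `location /`. For the `dirs` loop, a `dir.name` without a trailing slash paired with a `dir.alias` that has one lets requests resolve outside the aliased directory, so a template comment stating that both must end in `/` would help.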
@@ -20,6 +20,9 @@ server { client_max_body_size 4G; fastcgi_buffers 64 4K; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; + {%- for key,value in headers.items() %} + add_header {{ key }} "{{ value }}"; + {% endfor -%} location / { rewrite ^/.well-known/host-meta /public.php?service=host-meta last; diff --git a/states/nginx/templates/types/rainloop.j2 b/states/nginx/templates/types/rainloop.j2 index 0e25a4b..2e97dcc 100644 --- a/states/nginx/templates/types/rainloop.j2 +++ b/states/nginx/templates/types/rainloop.j2 @@ -13,6 +13,10 @@ server { index index.php index.html; + {%- for key,value in headers.items() %} + add_header {{ key }} "{{ value }}"; + {%- endfor %} + location ~ /(conf|bin|inc)/ { deny all; } diff --git a/states/nginx/templates/types/rd.j2 b/states/nginx/templates/types/rd.j2 index cc613aa..c72d6c4 100644 --- a/states/nginx/templates/types/rd.j2 +++ b/states/nginx/templates/types/rd.j2 @@ -17,6 +17,7 @@ server { ssl_certificate /etc/acme/certs/services-rd.cert; ssl_certificate_key /etc/acme/keys/services-rd.key; {%- endif %} + location / { {%- if proxy %} proxy_pass {{ proxy_pass }}; diff --git a/states/nginx/templates/types/simple.j2 b/states/nginx/templates/types/simple.j2 index f515922..3a4c29c 100644 --- a/states/nginx/templates/types/simple.j2 +++ b/states/nginx/templates/types/simple.j2 @@ -15,6 +15,11 @@ server { {%- if not proxy %} root "{{ root_dir }}"; {%- endif %} + + {%- for key,value in headers.items() %} + add_header {{ key }} "{{ value }}"; + {%- endfor %} + location / { {%- if proxy %} proxy_pass {{ proxy_pass }}; @@ -33,9 +38,6 @@ server { auth_basic "Restricted area"; auth_basic_user_file {{ config_dir }}/auth/htpasswd; {%- endif %} - {%- for key,value in headers.items() %} - add_header {{ key }} {{ value }}; - {% endfor -%} } {%- for dir in dirs %} diff --git a/states/nginx/templates/types/zabbix.j2 b/states/nginx/templates/types/zabbix.j2 index 52df302..ac108cb 100644 
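Review bot: The loop in nextcloud.j2 closes with `{% endfor -%}` while the other templates in this commit use `{%- endfor %}`, so whitespace is stripped after the loop instead of before it. With an empty `headers` dict, and assuming default Jinja whitespace settings, `location / {` would be rendered on the same line as the HSTS directive; nginx still parses that, but the rendered file is harder to review. Using `{%- endfor %}` followed by a blank line, as in dokuwiki.j2, keeps the generated configs uniform.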
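Review bot: Wrapping the value in quotes in simple.j2 changes how existing pillar data renders: the removed line emitted `{{ value }}` bare, so a value that carried its own quotes or a trailing `always` would now come out as a malformed directive or as a header whose text literally ends in ` always`. The pillar is not visible here, so the current `headers` values for vhosts of this type need checking before rollout. A value containing `"` also still closes the nginx string early; escaping it, for example `"{{ value | replace('"', '\\"') }}"`, or rejecting such values in the state would make the render safe. The same applies to the quoted loop added in the other templates.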
--- a/states/nginx/templates/types/zabbix.j2 +++ b/states/nginx/templates/types/zabbix.j2 @@ -13,6 +13,10 @@ server { index index.php index.html; + {%- for key,value in headers.items() %} + add_header {{ key }} "{{ value }}"; + {%- endfor %} + location ~ setup.php$ { return 403; }